« List of all CVEs

CVE-2014-0333

Published: 2/27/2014 Last updated: 8/6/2024 Reserved: 12/5/2013

The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an IDAT chunk with a length of zero.

CNA assigner: certcc (37e5125f-f79b-445b-8fad-9564f167944b) Requested by: n/a

Opam packages affected (4)

conf-gd conf-libpng grib qrencode

Products affected (2)

Product Vendor Version
n/a n/a < 6c020f05253df04c3480b586fe188a3582740049
n/a n/a <= 6.1.*

References (16)